Description:
This document describes how to configure the SSO Certificate Authorisation Agent to utilise:
Solution:
To do so, edit the SSO Certificate Authorisation Agent's configuration file, CA_certtga.ini, accordingly.
Several rootCA certificates from the same CA
You can specify a comma-separated list of several rootCA certificates:
...
VerifyDepth=2
TrustedPath=\\DemoCorpDC\CertEnroll
TrustedNames=DemoCorpDC.DemoCorpDOM.ca.com_DemoCorpPKI(0-1).crt,DemoCorpDC.DemoCorpDOM.ca.com_DemoCorpPKI (1).crt,DemoCorpDC.DemoCorpDOM.ca.com_DemoCorpPKI(1-0).crt,DemoCorpDC.DemoCorpDOM.ca.com_DemoCorpPKI(1-2).crt,DemoCorpDC.DemoCorpDOM.ca.com_DemoCorpPKI (2).crt,DemoCorpDC.DemoCorpDOM.ca.com_DemoCorpPKI(2-1).crt,DemoCorpDC.DemoCorpDOM.ca.com_DemoCorpPKI(2-3).crt,DemoCorpDC.DemoCorpDOM.ca.com_DemoCorpPKI (3).crt,DemoCorpDC.DemoCorpDOM.ca.com_DemoCorpPKI(3-2).crt,DemoCorpDC.DemoCorpDOM.ca.com_DemoCorpPKI.crt
...
Note:
The value of each parameter must be on one single line.
If you have intermediate CAs you may need to increase the VerifyDepth parameter accordingly.
Several Certificate Revocation Lists
...
[parameters]
RevocationMeth=CRL
...
[CRL1]
CrlFileName=ldap://ldap.box1.com:389/&...
CrlIssuerCert=C:\Program Files\CA\Certs\vrkqc.cer
[CRL2]
CrlFileName=ldap://ldap.box2.com:389/&...
CrlIssuerCert=C:\Program Files\CA\Certs\TEOPersonnelCA.cer
...
Several Certificate Authorities
...
[OCSP1]
TrustedPath=C:\
TrustedNames=certnew.cer
[OCSP2]
TrustedPath=
TrustedNames=
...
Note: It is possible to specify this even if there is no OCSP in place.
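A pre-deployment check for the points above, as an added example that is not part of the original article or the product: it flags values wrapped onto a second line, stray commas in TrustedNames, and [CRLn] sections that lack one of the two keys shown in the sample. The function name, the ';' comment rule, the requirement that every [CRLn] carries both keys, and the sample host and file names are assumptions made for illustration.

```python
import re

SECTION = re.compile(r"^\[([^\]]+)\]$")
CRL_KEYS = ("CrlFileName", "CrlIssuerCert")  # both appear in each [CRLn] on the page

# Constructed sample: TrustedNames is wrapped onto a second line and
# [CRL2] has no issuer certificate. Host and file names are made up.
SAMPLE = r"""
[parameters]
RevocationMeth=CRL
VerifyDepth=2
TrustedPath=\\DemoCorpDC\CertEnroll
TrustedNames=DemoCorpPKI.crt,DemoCorpPKI(1).crt,
DemoCorpPKI(2).crt
[CRL1]
CrlFileName=ldap://ldap.example.test:389/
CrlIssuerCert=C:\Certs\issuer1.cer
[CRL2]
CrlFileName=ldap://ldap2.example.test:389/
"""

def lint_certtga(text):
    """Return sorted (line_no, message) findings for the ini text."""
    findings, sections, current = [], {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):  # assumption: ';' starts a comment
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections[current] = (no, set())
            continue
        if "=" not in line:  # a value must stay on its parameter's line
            findings.append((no, "not key=value: value wrapped onto a new line?"))
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if current in sections:
            sections[current][1].add(key)
        # An empty TrustedNames= is allowed (see [OCSP2]); a stray comma is not.
        if key == "TrustedNames" and value:
            if any(not name.strip() for name in value.split(",")):
                findings.append((no, "TrustedNames has an empty entry (stray comma)"))
    for name, (no, keys) in sections.items():
        if re.fullmatch(r"CRL\d+", name):
            for missing in (k for k in CRL_KEYS if k not in keys):
                findings.append((no, f"[{name}] has no {missing}"))
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in lint_certtga(SAMPLE):
        print(f"line {no}: {msg}")
```

Run it against a copy of CA_certtga.ini before restarting the agent; an empty result means none of these three conditions were found, not that the certificate chain itself validates.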